Hey we’re just hearing this from the BBC so it must be true, but it looks like some of those iPhone apps out there aimed at kids may sometimes manage to fool children into making in-game purchases using a grown-up’s credit card. We also have Apple’s response to this.

Matthew is six and a fan of an iPhone app called Tap Resort Party, in which players build their own holiday park. This is a colorful game that seems set for kids, in which you buy properties not with cash but shells.

He asked his dad if he could play the game, his dad said yes and duly downloaded it, and Matthew played happily.

Then we’ll let BBC’s popular Watchdog series take over: “Dominic agreed to download the free game, but just a few days later, he got a nasty surprise when his credit card company called to warn him of several hundred pounds of unexpected spending on his iTunes account.”

Matthew had been tapping purchase shells in the game, each time he did the game charged the credit card £59.99. At issue, even though a password is required to download the app, iTunes will then stay logged in for 15 minutes, so you can make in-app purchases within that 15 minute window, and of course, each time you do the window gets extended.

Graham Barlow, Editor of MacFormat Magazine explains: “The problem is once it’s remembered your password just a little bit if you give your phone then to your child to play a game they can start making purchases before it’ll ask for your password again.”

Apple responded, “App purchase and In-App purchase can be restricted using Parental Controls. Parental Controls also can restrict apps based on app age ratings. In-app purchases and currencies cannot be used to acquire any physical goods, nor can they be used between applications, they can only be used for digital content or services provided by the application.”

So to be fair the problem isn’t strictly speaking the game itself, but the potential here is pretty clear. How can Apple improve its in-app purchasing system to protect users from inadvertent purchases like this?